Some of these cookies are essential to make this website work for you. Others show us how the website is used and can help us improve it.

Find out how we use cookies and manage your settings

Data protection and subject access requests

Data protection law and the Data Protection Act, how to make a subject access request to find out what data we hold about you, how we process your personal information.

Data protection

We may hold some of your personal information if you've provided it when using our services. We comply with the data protection law to protect your details.

Dumfries and Galloway Council ('the Council') is a data controller, as registered with the Information Commissioner's Office, of your personal data.

View our entry on the register of data controllers – Information Commisioner's Office

Privacy statement

Our privacy statement outlines the ways in which we process your personal information as a council. It also explains what rights you have in relation your personal information and how you can access these.

Data Protection Act

The Data Protection Act 2018 replaced the Data Protection Act 1998 on 23 May 2018. The data protection law emphasises protecting your personal information and gives you with more rights and control over how organisations such as the council handle and process your personal information.

Personal information is information, which relates to a living person who could be identified from the information itself, or by linking it with other information. For example, it could be:

  • name and address
  • a school pupil's record
  • health information

Processing personal information is the name given to anything the council does with your personal information that they hold. For example, this could be:

  • entering your details into our computer systems
  • storing a completed form in a filing cabinet

Data protection principles

The council will comply with the six data protection principles to ensure the protection of your personal information. The council will ensure your personal information is:

  • processed lawfully, fairly and in a transparent manner
  • collected for specified, explicit and for legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate and where necessary, kept up to date
  • kept for no longer than is necessary for the purpose
  • protected by appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction